Internal Auditing of Integrated Management Systems

L

Libnani

#1
Hello

where could i find templates for internal audits specific to an integrated quality system (ISo 9001 , OHSAS 18001 , ISO 14001) ?


is it possible that we have an integrated (combined) process for the 3 standards ? and do the audit by process as usual ?


or we have to change the method of audit ? and how ?
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#2
Hi Libnani,

If you are asking for checklists that combine all three systems, no I can't provide because I don't use "canned" checklists.

However, there's no reason why you can't audit all three systems in the same rounds. So many things are shared: document control, policy, training, management review etc., that these can easily be covered in one audit for three systems.

Others, such as metrology, can combine the other two systems by simply adding the 14001 and 18001 items to the list of things to pay attention to. Hazardous material handling in the work area, safety controls being followed for the area, and a query for awareness of all three systems' aspects can be done in one auditing session.

Certainly there will be cases where an audit will focus on one system's needs. In such cases your program should allow you to be able to request corrective action for non conformances found in any system, even if that system isn't being audited at the time. For example, when finding an uncontrolled document or nonconforming product next to good product when looking at hazmat storage in receiving, you should be able to raise the quality system issue.

I think the real risk here is overlooking some areas. That should be manageable with scheduling. All in all, I think the matter of auditing all three at once is not nearly as complicated as it seems.

I hope this helps!
 

RoxaneB

Super Moderator
Super Moderator
#3
Libnani,

I have taken the liberty of moving your thread to the Internal Auditing forum (from the OHSAS 18001 forum) as it focuses on auditing more than one standard and you may receive more input from your fellow Cove members here.

where could i find templates for internal audits specific to an integrated quality system (ISo 9001 , OHSAS 18001 , ISO 14001) ?
I don't believe you will find an integrated checklist. I have asked this question before and all but received a resounding "Nope, don't have one" response. :rolleyes: Of course, that hasn't stopped me from developing one on my own.


Libnani said:
is it possible that we have an integrated (combined) process for the 3 standards ? and do the audit by process as usual ?
In my opinion, yes, it is possible. Knowing how the standards align/overlap allows you to see the common requirements. From there, I set up the requirements against the PDCA foundation of our Business Management System.

The checklist that I developed for my organization is in a PDCA format, with a clear indication if the requirement stated applies to one, two or all three standards.

Libnani said:
or we have to change the method of audit ? and how ?
We have not had to change the process in which we audit, other than our audits are more detailed than previously done. What was limited to quality or environment or safety, now encompasses all three - as appropriate - and we are assessing the conformance of our Business Management System to the necessary requirements.

It has helped to also determine the state of our culture or language. With so much overlap between those three standards, we have pushed for common tools to be used (e.g., document control is document control as Jennifer said) and there is no value added to the system if safety were to develop their own document control system that differered from environment or quality.

Unfortunately, I can not share my checklist with you as it does contain infomration that is confidential to my organization. On the plus side, the standards already tell you how they compare/align with each other...so you have a great starting point right there! :D
 

Helmut Jilling

Auditor / Consultant
#4
Hi Libnani,

If you are asking for checklists that combine all three systems, no I can't provide because I don't use "canned" checklists.

However, there's no reason why you can't audit all three systems in the same rounds. So many things are shared: document control, policy, training, management review etc., that these can easily be covered in one audit for three systems.

Others, such as metrology, can combine the other two systems by simply adding the 14001 and 18001 items to the list of things to pay attention to. Hazardous material handling in the work area, safety controls being followed for the area, and a query for awareness of all three systems' aspects can be done in one auditing session.

Certainly there will be cases where an audit will focus on one system's needs. In such cases your program should allow you to be able to request corrective action for non conformances found in any system, even if that system isn't being audited at the time. For example, when finding an uncontrolled document or nonconforming product next to good product when looking at hazmat storage in receiving, you should be able to raise the quality system issue.

I think the real risk here is overlooking some areas. That should be manageable with scheduling. All in all, I think the matter of auditing all three at once is not nearly as complicated as it seems.

I hope this helps!

I agree. Also, remember that the ISO 9001 portion must be process based audits. I have clients who combine their ISO 14001 into this, and audit that standard in a process approach as well. Same could apply to 18001.
 
C

CliffK

#5
Hjilling,

You said,
remember that the ISO 9001 portion must be process based audits
What would cause you to say that? 8.2.2 refers to "processes and areas to be audited," and, "The management responsible for the area being audited..."

Thank you,
Cliff Kachinske
 

Helmut Jilling

Auditor / Consultant
#6
Hjilling,

You said,


What would cause you to say that? 8.2.2 refers to "processes and areas to be audited," and, "The management responsible for the area being audited..."

Thank you,
Cliff Kachinske
The entire ISO 9001 program is based on a process approach. The QMS is to be defined along your processes, the Mgt. Review is to evaluate the performance of your processes, and the audits are to be auditing the processes.

While I wish the standard were more blunt, it is clear from reading the whole standard, as well as related documents form the CB's, the intent is to operate along the process lines. Audits to a clause based approach would be nonconforming. I'm a little surprised you would be asking this question. Is this not how your CB is requiring you to work?
 
C

CliffK

#7
Audits to a clause based approach would be nonconforming.
Agreed. But then, I never said clause based. The word in the standard is "area," as in, for example, a department or work group.

Are you saying that an audit program planned around departments or work groups would be nonconforming?
 

RoxaneB

Super Moderator
Super Moderator
#8
While I find the discussion of clause versus process versus area interesting, it does tend to be off-topic from the Original Poster's question. It is perhaps worthy of its own thread and discussion.

Please try to keep your comments related to the original question(s).

Thank you.
 

RoxaneB

Super Moderator
Super Moderator
#9
I think the real risk here is overlooking some areas. That should be manageable with scheduling. All in all, I think the matter of auditing all three at once is not nearly as complicated as it seems.
The one downside I've experienced while conducting integrated internal audits at my side is the lack of experience of the auditors...or rather, their lack of familiarity with the standards. Not everyone lives and breathes them like I do (note to self...get a life when the new job starts in July :D )

Several years back, I had an auditor actually say to the auditee in a production area "I've already asked this before because of ISO 9001...but I'm going to ask it again because of ISO 14001."

The auditor hadn't quite grasped the concpet of how the two standards and the requirements in the area aligned. That was what prompted me to develop our integrated checklist.

One the reasons for integrating our system was to effectively manage our resources. Having auditors who were unable to blend the requirements wasn't helping us in this manner and it became a focus for last year's round of auditing - which, fyi, was much smoother.

This year's internal audit - scheduled for next month - will be my last one here at my current location. I'm determined to make it the best darn integrated audit they've ever had! I've got a new group of auditors - 4 of the 6 have less than one year at this location and 2 of them are fresh out of school! - which should make the whole experience interesting.

But integrating the audit allows them to see the system from a high level, to see the linkages and relationships and the flow of the inputs and outputs. I'll leave behind a group of people who have the ability to see the system as a whole instead of individual silos. Definately worth the head ache of developing an integrated checklist!
 

Helmut Jilling

Auditor / Consultant
#10
Agreed. But then, I never said clause based. The word in the standard is "area," as in, for example, a department or work group.

Are you saying that an audit program planned around departments or work groups would be nonconforming?

Processes and departments are similar but different. Processes frequently cross beyond departments, and is the better approach. It has been well documented and discussed throughout ISO land that the expectation is that your ISO program follows a process approach. That would apply to your internal audits as well.
 
Thread starter Similar threads Forum Replies Date
S ISO 9001:2015 Internal Auditing Internal Auditing 8
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
S Risk based internal auditing Internal Auditing 6
F AS9100D Internal auditing requirements Internal Auditing 11
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
U Internal auditing - Company employees or contract second party Internal Auditing 10
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
M Is Automated Internal Auditing Possible? Internal Auditing 13
C Internal Auditing Requirements (ISO 9001:2008) Internal Auditing 3
L Auditing Design and Development in ISO 9001 (Internal Audit) Internal Auditing 1
sswaim Auditing Internal Laboratory Personnel for Competence General Auditing Discussions 4
K Internal Auditing a previous Nonconformance? Internal Auditing 19
P Recommended books on ISO 27001:2013 Implementation and Internal Auditing IEC 27001 - Information Security Management Systems (ISMS) 4
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
B PFMEA, Internal Auditing, Corrective Action Training In Native Language (China) Training - Internal, External, Online and Distance Learning 1
Gman2 Internal Auditing Requirements before ISO 9001 Registration ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
S Auditing TS 16949 Cl. 7.6.3.1 - Internal Calibration Laboratory Requirements IATF 16949 - Automotive Quality Systems Standard 8
T ISO 9001 Internal Auditing Auditor Training in Amsterdam Training - Internal, External, Online and Distance Learning 1
S In an internal auditing desert and I'm the only one here.... AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
G Internal Auditing in a Multi-Site Environment ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
B Internal Auditing of MDD and CMDR Requirements Other Medical Device Related Standards 5
O Internal Auditing in small Engineering company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
T Looking for a webinar on Internal Auditing General Auditing Discussions 3
R On Auditing Internal Audit Process - How Independence can be Established Internal Auditing 4
D Auditing Abroad - Internal Audits of our European Sister Companies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
R Auditing a process outside the realm of the formal Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
G New to Internal Auditing - Best questions to ask? Internal Auditing 17
M Auditing the Internal Audit Process - 8.2.2 General Auditing Discussions 2
J Auditing the Internal Auditing Process - Audit Nonconformance General Auditing Discussions 3
S Internal Auditing related to RISK Internal Auditing 9
W Internal Auditing - Observational Checklist for a Behavior Based System Internal Auditing 3
R Internal Auditing Checklist - Major NCR because the Checklist was not Completed Internal Auditing 17
V Depth of Internal Auditing and Training aspects in Research & Development (R & D) Internal Auditing 4
N Good Internal Auditing Training Courses Training - Internal, External, Online and Distance Learning 13
L Internal Auditing Reports / Documents - Design and Content Document Control Systems, Procedures, Forms and Templates 1
N Recommend internal auditing training 101 please (Tucson or Phoenix, AZ) Training - Internal, External, Online and Distance Learning 1
L Internal Auditing - How can I audit my QMS independently? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
C Internal Auditing - How to make it useful? Internal Auditing 36

Similar threads

Top Bottom